Passive Scanner API

The following operations are added to the API:

clearQueue: Clears the passive scan queue.
disableAllScanners: Disables all passive scan rules.
disableAllTags: Disables all passive scan tags.
disableScanners (ids*): Disables passive scan rules.
- ids: A comma separated list of scan rule IDs.
enableAllScanners: Enables all passive scan rules.
enableAllTags: Enables all passive scan tags.
enableScanners (ids*): Enables passive scan rules.
- ids: A comma separated list of scan rule IDs.
setEnabled (enabled*): Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).
- enabled: The enabled state, true or false.
setMaxAlertsPerRule (maxAlerts*): Sets the maximum number of alerts a passive scan rule can raise.
- maxAlerts: The maximum number of alerts.
setScanOnlyInScope (onlyInScope*): Sets whether or not the passive scan should be performed only on messages that are in scope.
- onlyInScope: The scan state, true or false.
setScannerAlertThreshold (id* alertThreshold*): Sets the alert threshold of a passive scan rule.
- id: The ID of the scan rule.
- alertThreshold: The alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH

currentTasks: Shows information about the passive scan tasks currently being run (if any).
maxAlertsPerRule: Gets the maximum number of alerts a passive scan rule should raise.
recordsToScan: The number of records the passive scanner still has to scan.
scanOnlyInScope: Tells whether or not the passive scan should be performed only on messages that are in scope.
scanners: Lists all passive scan rules with their ID, name, enabled state, and alert threshold.

See also